[Python-Dev] cpython (2.6): - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED

Benjamin Peterson benjamin at python.org
Tue Feb 21 03:04:51 CET 2012


2012/2/20 Antoine Pitrou <solipsis at pitrou.net>:

On Tue, 21 Feb 2012 02:44:32 +0100 barry.warsaw <python-checkins at python.org> wrote:

+   This is intended to provide protection against a denial-of-service caused by +   carefully-chosen inputs that exploit the worst case performance of a dict +   insertion, O(n^2) complexity.  See +   http://www.ocert.org/advisories/ocert-2011-003.html for details.

The worst case performance of a dict insertion is O(n) (not counting potential resizes, whose cost is amortized by the overallocation heuristic). It's dict construction that has O(n**2) worst case complexity.
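
Review bot: the added sentence "the worst case performance of a dict insertion, O(n^2) complexity" puts the quadratic bound on a single insertion, which is the figure a reader sizing the risk will take away. The quadratic cost belongs to building a dict from n colliding keys, so wording along the lines of "the worst case performance of a dict construction, O(n^2) complexity" would be accurate.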

@@ -1232,9 +1233,9 @@  flags_doc,       /* doc /_  _flagsfields,       / fields */_  #ifdef RISCOS +    17 +#else  16 -#else -    15  #endif

Changing the sequence size of sys.flags can break existing code (e.g. tuple-unpacking).
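
Review bot: the field count under #ifdef RISCOS is kept as two bare literals (17 and 16) that have to be bumped by hand whenever a flag is added, and nothing in the hunk says which new field accounts for the increment. A one-line comment next to the count naming the added flag would make the next change harder to get wrong. Since the length of sys.flags changes in a maintenance branch, the release notes should also tell callers to read flags by attribute name rather than by position.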

I told George I didn't think it was a major problem. How much code have you seen trying to unpack sys.flags? (Moreover, such code would have been broken by previous minor releases.)

-- Regards, Benjamin
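
The insertion-versus-construction distinction raised in the quoted review can be measured directly. The following is an added example, not part of the thread or the CPython patch: the `CollidingKey` class and `comparisons_to_build` function are hypothetical names, and the constant `__hash__` is a constructed stand-in for keys chosen to collide. Counts assume CPython's dict implementation.

```python
class CollidingKey:
    """Constructed key type: every instance hashes to the same value."""

    eq_calls = 0  # global counter of key comparisons

    def __init__(self, n):
        self.n = n

    def __hash__(self):
        # All keys share one hash, so each follows the same probe sequence.
        return 1

    def __eq__(self, other):
        CollidingKey.eq_calls += 1
        return self.n == other.n


def comparisons_to_build(n):
    """Build a dict of n colliding keys.

    Returns (total, last): comparisons for the whole construction and
    comparisons for the final insertion alone.
    """
    CollidingKey.eq_calls = 0
    d = {}
    last = 0
    for i in range(n):
        before = CollidingKey.eq_calls
        d[CollidingKey(i)] = None
        last = CollidingKey.eq_calls - before
    return CollidingKey.eq_calls, last


if __name__ == "__main__":
    for n in (100, 200, 400, 800):
        total, last = comparisons_to_build(n)
        # A single insertion grows linearly with n; the construction grows
        # quadratically (doubling n roughly quadruples the total).
        print(f"n={n:4d}  last insertion={last:4d}  construction={total:7d}")
```
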


